Securing My Website Using SSL in Local IIS (5.1 and Above)?
Introduction
There are hundreds of sites that show how to secure a website using SSL in local IIS, mainly for testing and learning purposes. Here I will describe the easiest way, which took me 2 days to work out. I don't want any other person to take 2 more days. As we know, there are many CA (Certificate Authority) vendors that offer certificates, such as Verisign, Godaddy and many more. Just choose any one of them and try it out. The steps involved in using SSL in IIS are as follows:
- Installing IIS
- Deploying your test website to IIS
- Creating a certificate request
- Receiving the certificate and installing in Browser and Server
- Testing your secured https website
1. Installing IIS
Go to Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components (available in the left column of Add or Remove Programs) > select/check Internet Information Server (IIS) > click Next. It will ask for the Windows CD. (Mind you, IIS can be installed only on certain OSes such as Windows XP Professional and Windows Server, but not on XP Home.)
Insert your Windows CD and click OK. Note: this is the only way to install IIS on your system. You cannot download IIS and install it, which I tried to do for many hours. Each OS has its own specific IIS version. (See the pictures below for details.)
2. Deploying Your Test Website to IIS
Go to Start > Control Panel > Performance and Maintenance > Administrator tools > double click the ‘Internet Information Server’ icon. Now you can see IIS opening with a vertical column on the left side. Now expand your Computer Name (local computer) > Web Sites > Default Web Site.
Right click on the ‘Default web site’ folder and choose the Properties menu. Now you can see the “Default Web site Properties” window. Choose New > Virtual Directory > click Next and give an alias name for your project (say myTestWebsite) as in the figure below, then browse and choose your test website location (say D:\TestPublished\). Remember, you need to build your test web site from Visual Studio (2005/2008/2010) and publish it before you copy it to your virtual directory. (See 2nd image.)
3. Creating a Certificate Request
Go to Start > Control Panel > Performance and Maintenance > Administrator tools > double click the ‘Internet Information Server’ icon. Now you can see IIS opening with a column on the left side. Now expand your Computer Name (local computer) > Web Sites > Default Web Site. Right click on the ‘Default web site’ folder and choose the Properties menu. Now you can see the “Default Web site Properties” window. Select the tab “Directory security” as in the figure and click “Server Certificate” under “Secure Communication”. Click the Next button of the Certificate Wizard. Choose “Create a new Certificate” > Next > Prepare the request now, but send it later > Next > give a name for your certificate and Bit Length as 1024 > Next > give your Company/Organization name + Organization Unit > Next > enter Country/Region + State + City > Next > save your certificate request file as a .txt file (say c:\certieq.txt) > click Next and close the window.
Now your certificate request has been created. If you look at your request certificate file (c:\certieq.txt), you can see a series of crazy strings, something like that shown below:
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt
jDELMAkGA1UEBhMCVVMxFzAVBg
EydGb3IgVGVzdCBQdXJwb3NlcyBPb
BAMTKVZlcmlTaWduIFRyaWFsIFNlY
DTA5MDQwMTAwMDAwMFoXDTI5
aQNg95KnKGrrDUI=
-----END CERTIFICATE-----
Using this certificate request text, you can now request the SSL certificate from any of the CAs (Certificate Authorities) such as Verisign, Godaddy, etc. You need to submit the above generated crazy string to get an SSL certificate from a CA (say Verisign). After submitting your certificate request text, you will receive another SSL certificate text from your CA (say Verisign) as a series of crazy strings like the one which we submitted to them as the request. To make it simpler, check the images below and try.
4. Receiving the Certificate and Installing in Browser
After receiving the SSL certificate, we need to save it in XXX.cer format with the CER extension (say c:\myCertificate.cer). You might receive it as a text file or sometimes as a certificate key file. In case you receive it as a key file, there is no need to save it as xxx.cer (xxx is your file name) because it will already be named something like keyname.cer. Then, to install it in your client browser, follow these steps:
- Open a Microsoft Internet Explorer Browser.
- Go to Tools > Internet Options > Content > Certificates.
- Click Import. A certificate manager Import Wizard will appear. Click Next.
- Browse to the location of the recently stored root (done in step 2). Select files for file type.
- Select the certificate and click Open.
- Click Next.
- Select “Automatically select the certificate store based on the type of the certificate”. Click Ok.
- Click Next then Finish.
- When prompted and asked if you wish to add the following certificate to the root store, click Yes.
5. Installing Certificate in Server (IIS)
We just need to start as in Step 3 (Creating a Certificate Request). Go to Start > Control Panel > Performance and Maintenance > Administrator tools > double click the ‘Internet Information Server’ icon. Now you can see IIS opening with a column on the left side. Now expand your Computer Name (local computer) > Web Sites > Default Web Site. Right click on the ‘Default web site’ folder and choose the Properties menu. Now you can see the “Default Web site Properties” window. Select the tab “Directory security” as in the figure and click “Server Certificate” under “Secure Communication”. Click the Next button of the Certificate Wizard.
This time, we will choose “Process the Pending Request and install the certificate”. Then click Browse and choose the location of the certificate which you received and saved in Step 4 (c:\myCertificate.cer in the above example). Then click Next and complete the wizard. If you get an error like “Pending request for this certificate not found….”, it shows that the certificate reply which you got is incorrect or is not the reply to your certificate request.
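The mismatch behind that error can be checked before running the wizard. The following is an added example, not part of the original post: a standard-library Python check that the CA's reply carries the same public key as the saved request and that the request file really is a request (IIS labels it NEW CERTIFICATE REQUEST). The function names and the toy sample data are assumptions for illustration; in practice the two texts would be read from c:\certieq.txt and c:\myCertificate.cer.

```python
import base64, re

def pem_blocks(text):  # -> [(label, DER bytes)] for each PEM block
    pat = r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----"
    return [(m[1], base64.b64decode("".join(m[2].split())))
            for m in re.finditer(pat, text, re.S)]

def read_tlv(buf, pos=0):  # one DER element -> (tag, content, end offset)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                              # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER: file is not a complete PEM block")
    return tag, buf[pos:pos + n], pos + n

def public_key_info(label, der):  # raw SubjectPublicKeyInfo bytes
    # outer SEQUENCE -> CertificationRequestInfo or TBSCertificate
    _, info, _ = read_tlv(read_tlv(der)[1])
    fields, pos = [], 0
    while pos < len(info):
        tag, _, end = read_tlv(info, pos)
        fields.append((tag, info[pos:end]))
        pos = end
    if "REQUEST" in label:        # PKCS#10: version, subject, SPKI, attributes
        return fields[2][1]
    # X.509: [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    return fields[6 if fields[0][0] == 0xA0 else 5][1]

def reply_matches_request(request_text, reply_text):  # same public key in both?
    (req_label, req_der), = pem_blocks(request_text)
    (crt_label, crt_der), = pem_blocks(reply_text)
    if "REQUEST" not in req_label or crt_label != "CERTIFICATE":
        raise ValueError(f"unexpected PEM labels: {req_label!r} / {crt_label!r}")
    return public_key_info(req_label, req_der) == public_key_info(crt_label, crt_der)

# Constructed toy data below: dummy fields and key bytes, short-form lengths only.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(key, request):
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")), _der(0x05))
    name, spki = _der(0x30), _der(0x30, alg, _der(0x03, b"\x00" + key))
    info = ([_der(0x02, b"\x00"), name, spki, _der(0xA0)] if request else
            [_der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), alg, name,
             _der(0x30), name, spki])
    der = _der(0x30, _der(0x30, *info), alg, _der(0x03, b"\x00"))
    label = "NEW CERTIFICATE REQUEST" if request else "CERTIFICATE"
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
```

A `False` result means the reply was issued for a different key pair, and a `ValueError` means one of the files is not what the wizard expects (for example, a certificate saved where the request should be, or a truncated block).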
6. Testing Your Secured HTTPS Website
Here comes the last part, which is testing. Go to Start > Control Panel > Performance and Maintenance > Administrator tools > double click the ‘Internet Information Server’ icon. Now you can see IIS opening with a column on the left side. Now expand your Computer Name (local computer) > Web Sites > Default Web Site > and select the myTestWebsite folder. In the right-hand column, you can see the web pages which you have created using ASP.NET. Right click on Default.aspx and click Browse as in fig 1.3. You can see Internet Explorer opening and telling you to type https:// instead of http://, which means that your web site is using SSL (https) and not http.
If your application is not able to run giving some error like “XML Parsing Error: not well-formed Line Number 1, Column 2' Error” in your browser, then you need to re-register the framework with IIS. You can do it by running “aspnet_regiis.exe -i” in VS command prompt.
Thanks and enjoy SSL test.